The Domain Name System (DNS) translates human friendly names such as www.IdealIntegrations.net into computer-friendly IP Addresses, such as 18.104.22.168.
Every computer, phone, or tablet connected to the internet accesses a Domain Name Server (also DNS), either within the corporate environment or from publicly hosted servers.
Many people assume that, as a publicly controlled resource, they can ignore DNS security. However, that assumption leaves the door wide open for cyber criminals.
Earlier in 2019, the U.S. government warned about widespread and complex attacks that sought to steal passwords from users.
The Cisco Talos team dubbed these attacks as “DNSpionage,” because they redirected the DNS from legitimate domains to their own servers.
As we noted previously, obtaining passwords for users provides the toe-hold that many hackers need to breach local IT environments in more significant ways.
Krebs On Security took a deep dive into the DNS attacks, and how the DNSpionage hackers compromised “key components of DNS infrastructure for more than 50 Middle Eastern companies and government agencies.”
Of more tangible importance: DNS-focused attacks significantly affect your business, and they should not be ignored.
Hijackers use various methods to overtake DNS: Infected end-points, public wi-fi, and even through the DNS records themselves.
In a practical sense, an internet service provider (ISP) might block known malware sites, but these malware ISPs constantly change to avoid detection.
Unless the traffic is directed to a black-listed site, the ISP will allow it. After all, the ISP itself isn’t examining your traffic, so it won’t know that the endpoint search for your bank’s website has been converted into an Iranian ISP address.
It simply sees that your user wants to connect to Iran, and allows it to do so.
DNS Monitoring & Security
To help you avoid a targeted DNS hijacking, Ideal Integrations provides advice about the tools and options available that fit your needs.
Three popular methods to consider are:
- DNS Registration,
- Software-defined perimeters (SDPs),
- and DNS-layer security.
DNS registration uses DNS security extensions (DNSSEC) to verify DNS record authenticity, check DNS reputation, and filter for suspicious or known bad domains.
This service eliminates many forms of hijacking, particularly for endpoints operating outside of the organization’s LAN (business travelers, remote workers, etc.) where the company infrastructure cannot add additional security.
Software-defined perimeters (SDPs) seek to offer more secure and easier-to-implement alternative to VPNs. They create more secure connections between endpoint users and corporate networks.
Being that those connections are more robust than DNS registration solutions, they come with many options, consume more time, and hold a heavier price tag.
However, for a company with many remote endpoint users, the extra security can be worth it.
DNS-layer security takes a different approach to SDPs by not trying to create a more secure connection between the endpoint and the organization.
Instead, it operates between the organization itself, and the rest of the internet.
DNS-security companies offer various options, but commonly, this solution combinse DNS protection and firewall protection for all users – inside or outside of the corporate environment.
Other Things to Consider
If you’re experiencing an increased concern about your security, consider at least one of the aforementioned options.
However, you should also consider other factors outside of security. Compliance and infrastructure load also benefit from DNS screening.
How much of your organization’s bandwidth is consumed by video streaming?
Worldwide, it’s estimated that Netflix accounts for 12.6% of all internet traffic, and “http” media streaming adds an additional 12.8%.
Furthermore, YouTube accounts for 8.7% of traffic, and Facebook an additional 3%.
Some employees may be more egregious offenders than others, but at certain times of the year, video consumption peaks and spreads.
For example, a law firm needs to conduct a large document review consisting of hundreds of contract reviewers working from their offices.
They try to review millions of large PDF and Excel files on a tight deadline. The first day of the review goes smoothly, and the firm is on track to finish.
On the second day, progress falls significantly. because the downloads speeds grind to a near halt.
After some investigation, the IT staff realizes that NCAA March Madness started, and almost all of the attorneys and staff in the firm are streaming the games.
In response, in order to increase download speeds, the firm must block any site streaming basketball games.
Perhaps your organization allows the team to watch videos as a morale booster. That said, when was the last time anyone checked to see if those privileges were being abused?
Also, about 30% of all data transferred across the internet includes pornography. Unfortunately, two-thirds of all HR professionals find that content on employee work computers.
While the level of concern for pornography may vary from organization to organization, the potential liability for harassment and other company policy violations increases significantly.
Organizations can set up firewalls, or use DNS filtering and monitoring, to reduce liability exposure. That also reduces strain on IT infrastructures.
Recently, an anonymous healthcare CISO revealed that, once she began to monitor guest and corporate internet traffic, she found that a large portion of it came from ransomware, botnets, pornography and cryptomining.
Blocking these categories and their associated IP addresses reduced bandwidth consumption by more than 50%.
Additionally, while complaints about blocked sites created some minor frustration, the help desk call volume dropped significantly over the next several months.
The Right Support
If you need to examine your network traffic to check your exposure, we’re here to help.
At Ideal Integrations, we know that no two companies are alike. That’s why we work with you to examine your organization’s exposure, and to determine the most appropriate solutions.
From firewall adjustments to implementation of a multi-layer security approach, we’ll help you maximize your return on IT!
For a risk-free demonstration, contact us today by completing the form below, or by calling us at 412-349-6680.
If you’ve been actively breached, and you need immediate support, call our incident response team at 412-349-6678.
Building networks and partnerships, we are on your side.